Choose your Control Panel

Crazy Long DKIM?

Ever wondered how you deal with long DKIM records? Because if you think you can just stick that bad boy in a text field, chances are that is going to fail. Horribly. There is an RFC (Request for Comments – or internet adopted standard) that says that TXT fields within a DNS zone need to be under 254 chars.. If they are not they will either be kicked out again, rejected, or worse still accepted and then fail to propagate and throwing a properly large spanner in the works.

Thankfully the internet is here to help.

There is another RFC that lays out a means and structure to put in these crazy long strings into TXT fields, and still have them work. Who knew – right?

So – RFC suggests splitting it up. Sure – it all goes in the same record, but it is handled as different records, and chunked back together by the application at the other end. It complies by the rules, yet manages to work around them.

If you wish to use a large key in DNS, there are some limitations of which you should be aware. A TXT record in the DNS consists of a series of strings each of which don’t exceed 255 bytes. This is a result of the fact that each string is preceded by a length byte (which, of course, can’t exceed 255). Furthermore, some DNS implementations don’t allow packets larger than 512 bytes. Some RSA keys will exceed the 255 byte limit once encoded with base64, so some special formatting must be used to make such a record fit. Failing to do so can cause an incomplete record to be published or, worse, the nameserver to refuse to serve the record or even the entire zone.

In the case of the BIND nameserver, there are two syntax rules one can use to make a large record fit within these boundaries:

1) TXT substrings

Instead of a record like:

recname IN TXT “foobarbazblivitalphabravocharliedelta…zulu”

…one can also do:

recname IN TXT “foobar” “baz” “blivit” “alpha” … “zulu”

(The “…” is mean to indicate continuation and is not a literal set of three “.” characters.)

You simply have to break up the large record into smaller strings such that no string exceeds 255 bytes. DKIM implementations will reassemble TXT records broken down this way into the full original single string before processing them.
2) Line continuations

It can be difficult for some to edit very long lines of text. It’s therefore desirable to have a mechanism to break very long TXT records down so that they fit nicely within an editor window. In BIND, this is done by enclosing the wrapped lines within parentheses. Continuing with the example above, this: